This course provides detail on the AWS Management & Governance services relevant to the AWS Certified DevOps Engineer - Professional exam.
- Learn how AWS AppConfig can reduce errors in configuration changes and prevent application downtime
- Understand how the AWS Cloud Development Kit (CDK) can be used to model and provision application resources using common programming languages
- Get a high-level understanding of Amazon CloudWatch
- Learn about the features and use cases of the service
- Create your own CloudWatch dashboard to monitor the items that are important to you
- Understand how CloudWatch dashboards can be shared across accounts
- Understand the cost structure of CloudWatch dashboards and the limitations of the service
- Review how monitored metrics go into an ALARM state
- Learn about the challenges of creating CloudWatch Alarms and the benefits of using machine learning in alarm management
- Know how to create a CloudWatch Alarm using Anomaly Detection
- Learn what types of metrics are suitable for use with Anomaly Detection
- Create your own CloudWatch log subscription
- Learn how AWS CloudTrail enables auditing and governance of your AWS account
- Understand how Amazon CloudWatch Logs enables you to monitor and store your system, application, and custom log files
- Explain what AWS CloudFormation is and what it’s used for
- Determine the benefits of AWS CloudFormation
- Understand what the core components are and what they are used for
- Create a CloudFormation Stack using an existing AWS template
- Learn what VPC flow logs are and what they are used for
- Determine options for operating programmatically with AWS, including the AWS CLI, APIs, and SDKs
- Learn about the capabilities of AWS Systems Manager for managing applications and infrastructure
- Understand how AWS Secrets Manager can be used to securely encrypt application secrets
Have you ever felt defeated by the AWS Console? Ever spend your day clicking through 20 screens in the AWS Console just to create one EC2 instance? And then you get frustrated when you input the user data incorrectly and so you click through another 20 screens to fix it? If this sounds like you, then you deserve to be compensated.
Sadly, I can’t compensate you but I can recommend you use AWS CloudFormation.
That’s because creating resources manually is time-consuming and often error-prone - and so you’d want to automate this process as much as possible. You may be thinking “Well, I can just use the CLI to do this” and while you can automate the creation of AWS resources with CLI or API calls, updating those resources would still be mostly manual.
By using CloudFormation, you can automate the creation, the updating, and the deletion of your infrastructure and its configurations all in one place. So instead of writing shell scripts and writing your own logic with AWS API calls, you can write your infrastructure as code declaratively using CloudFormation.
So if you’re sold on using CloudFormation at this point, you’ll first begin by defining your infrastructure in a CloudFormation template. A template is written in either JSON or YAML format and uses a specific structure to document all of your AWS resources and their configurations.
The cool thing about defining your infrastructure as code is that you can apply the same best practices you use for your software development process to the development and deployment of your cloud infrastructure. That means you can use code versioning tools like Git or SVN to keep track of modifications to your templates. You can use virtualized tests and apply continuous monitoring. And you can even deploy your CloudFormation templates through a CI/CD pipeline.
The benefit of this is that you reduce the number of errors in your templates and can easily redeploy templates to create multiple instances of your infrastructure. This is helpful when you have multiple environments, such as dev, test, staging, and prod and you need to quickly stand up identical versions of these environments.
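To make the template structure and the multi-environment reuse described above concrete, here is an added example (not taken from the course material): a YAML template with one parameterized resource. The logical names `Environment`, `IsProd`, `ArtifactBucket` and `BucketName` are assumptions chosen for illustration.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >-
  Constructed example: one encrypted, non-public S3 bucket,
  deployable once per environment from the same template.

Parameters:
  # The same template is reused for every environment; only this value changes.
  Environment:
    Type: String
    AllowedValues: [dev, test, staging, prod]
    Default: dev
    Description: Environment this stack instance represents.

Conditions:
  # Evaluated at deploy time from the parameter above.
  IsProd: !Equals [!Ref Environment, prod]

Resources:
  ArtifactBucket:
    Type: AWS::S3::Bucket
    Properties:
      # Encrypt objects at rest with S3-managed keys by default.
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
      # Refuse public ACLs and public bucket policies in every environment.
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      # Keep object history only where it matters most in this example.
      VersioningConfiguration:
        Status: !If [IsProd, Enabled, Suspended]
      Tags:
        - Key: Environment
          Value: !Ref Environment

Outputs:
  BucketName:
    Description: Name CloudFormation generated for the bucket.
    Value: !Ref ArtifactBucket
```

Because the security settings live in the template rather than in console clicks, every stack created from it gets the same encryption and public-access configuration, and a change to either shows up as a reviewable diff in version control. The template can be checked before deployment with `aws cloudformation validate-template`.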
After you’ve finished creating your template, the CloudFormation engine will act as a function, take your template as an input, and spit out what is called a stack as the output. A stack is a collection of AWS resources that you can manage as a single unit.
Each CloudFormation stack has a unique name and a linked template. When you create a new stack, you can then check the live status of your infrastructure deployment and view your newly created resources, or even delete the stack if your resources are no longer needed.
It's important to keep in mind that CloudFormation checks if each stack resource is properly created and configured. If any one resource in the template cannot be created, CloudFormation rolls back and destroys all created resources by default. This default behavior ensures that stacks are “all or nothing” - meaning stacks are either created fully, or destroyed fully, so that you don’t have to worry about tracking down any stray resources CloudFormation created and deleting them yourself.
While CloudFormation is available for most AWS services, it does not support all of them. However, Amazon updates its list of supported AWS resources and operations monthly. If there’s a service CloudFormation doesn’t support that you need coverage for, you can check out the CloudFormation Public Coverage Roadmap on GitHub, which is, as the name suggests, a public roadmap focused on upcoming additions to the CloudFormation service.
In summary, write your infrastructure as code in a template using YAML or JSON, upload the files to CloudFormation using the console, API, or SDKs, and CloudFormation will create your resources. No more point-and-clicking through the console.
Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.
To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.
Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.
He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.
In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.
Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.